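/// <summary>
/// Handles a POST request to the administration interface and returns the
/// response body encoded as ASCII.
/// </summary>
/// <remarks>
/// Routes handled here:
/// "/" is the login submit when the caller has no session and the settings
/// submit when it has one; "/create", "/edit" and "/delete" manage users.
/// Every route except the login submit requires a session whose user type is
/// <c>User.USER_TYPE.ADMIN</c>.
/// NOTE(review): <paramref name="referer"/> is not consulted and no anti-CSRF
/// token is checked in this method, so the state-changing routes rely on
/// whatever origin checks the caller performs - confirm.
/// NOTE(review): the user routes use form values as received (no URL-decoding),
/// unlike the settings route; confirm this matches the login path.
/// </remarks>
/// <param name="url">Request path used to select the route.</param>
/// <param name="ip">Client address; keys the session lookup in <c>activeIPs</c>.</param>
/// <param name="postParams">Form fields, one "name=value" string per element.</param>
/// <param name="referer">Referer header value; currently unused.</param>
/// <param name="status">
/// Set to "200" on entry and overwritten with "403" or "404" when an error
/// page is returned.
/// </param>
/// <returns>The rendered page, or the result of <c>HandleError</c>.</returns>
private Byte[] HandlePOSTRequest(String url, String ip, String[] postParams, String referer, out String status)
{
    status = "200";
    Boolean isLoggedIn = CheckStateOfSession(ip);
    String message = "";
    String path = "";
    String page = "";
    int id = -1;
    String username = "", password = "";
    Boolean isAdmin = false;
    String[] postParam;
    String value;

    // A request without a body must not crash the handler.
    if (postParams == null)
        postParams = new String[0];

    if (isLoggedIn)
    {
        // Any unauthorized access is not permitted.
        if (!sessions.getSession(activeIPs[ip]).User.Type.Equals(User.USER_TYPE.ADMIN))
            return HandleError(status = "403");
    }
    else if (url != "/")
    {
        // Without a session only the login submit is allowed. The original
        // check was skipped entirely for callers with no session, which left
        // the user-management routes open to unauthenticated requests.
        return HandleError(status = "403");
    }

    switch (url)
    {
        case "/":
            if (isLoggedIn) // cp_page submit
            {
                String[] newSettings = new String[5];

                // The last field is the hidden input and is not a setting.
                // Clamp to the array size so extra fields cannot overrun it.
                int settingCount = Math.Min(postParams.Length - 1, newSettings.Length);
                for (int i = 0; i < settingCount; i++)
                {
                    postParam = postParams[i].Split('=');
                    newSettings[i] = postParam.Length > 1 ? Uri.UnescapeDataString(postParam[1]) : "";
                }

                // Reject incomplete or non-numeric input instead of letting a
                // parse or null-reference exception escape the handler.
                // NOTE(review): port range is not validated here; confirm that
                // Settings.SaveNewSettings does so.
                int port, adminPort;
                if (newSettings[2] != null && newSettings[3] != null
                    && int.TryParse(newSettings[0], out port)
                    && int.TryParse(newSettings[1], out adminPort))
                {
                    // The fifth field (a checkbox) is only submitted when ticked.
                    Settings.SaveNewSettings(port, adminPort, newSettings[2], newSettings[3].Split(';'), newSettings[4] != null);
                    // Restart servers?
                    message = "Successfully saved settings.";
                }
                else
                {
                    Console.WriteLine(message = "The submitted settings are invalid.");
                }

                path = "SecuredPages\\cp_page.html";
            }
            else // index submit
            {
                if (activeIPs.ContainsKey(ip))
                {
                    // path stays empty, so the read below fails and a 404 is returned.
                    Console.Write("The user is already logged in.");
                    break;
                }

                SessionManager.Warning warning;
                int hashcode = HandleLoginAttempt(postParams, ip, out warning);
                path = "SecuredPages\\index.html";

                switch (warning)
                {
                    case SessionManager.Warning.WRONG_COMBINATION:
                        Console.WriteLine(message = "The user has entered a wrong combination.");
                        break;
                    case SessionManager.Warning.USER_ALREADY_LOGGED_IN:
                        Console.WriteLine(message = "The user is already logged in.");
                        break;
                    case SessionManager.Warning.SESSION_EXPIRED:
                        Console.WriteLine(message = "The session has expired.");
                        break;
                    case SessionManager.Warning.BLOCKED_IP:
                        // Format first: assigning inside WriteLine stored the raw
                        // "{0} is blocked." template in the page message.
                        message = String.Format("{0} is blocked.", ip);
                        Console.WriteLine(message);
                        break;
                    case SessionManager.Warning.NONE:
                        activeIPs.Add(ip, hashcode);
                        path = "SecuredPages\\cp_page.html";
                        Console.WriteLine(message = "The user has logged in successfully.");
                        break;
                }
            }
            break;

        case "/create":
            for (int i = 0; i < postParams.Length; i++)
            {
                postParam = postParams[i].Split('=');
                value = postParam.Length > 1 ? postParam[1] : "";
                switch (postParam[0])
                {
                    case "username":
                        username = value;
                        break;
                    case "password":
                        password = value;
                        break;
                    case "is_admin": // Only appears if checked
                        isAdmin = true;
                        break;
                    default:
                        Console.WriteLine("Unknown post parameter: {0} = {1}", postParam[0], value);
                        break;
                }
            }

            if (username.Length == 0 || password.Length == 0)
            {
                // An account with an empty name or an empty password must never be stored.
                Console.WriteLine("Refusing to create a user without a username and a password.");
            }
            else
            {
                // NOTE(review): unsalted MD5 is not suitable for password storage.
                // It is kept here only because the stored format must match what
                // the login path verifies (not visible in this method); migrate
                // both together to a salted, slow KDF such as PBKDF2.
                StringBuilder sb = new StringBuilder();
                using (MD5 md5 = MD5.Create())
                {
                    byte[] data = md5.ComputeHash(Encoding.UTF8.GetBytes(password));
                    for (int i = 0; i < data.Length; i++)
                        sb.Append(data[i].ToString("x2"));
                }

                UserHandler.createUser(username, sb.ToString(), isAdmin ? "admin" : "supporter");
            }

            message = "/users";
            path = "SecuredPages\\redirect.html";
            break;

        case "/edit":
            Boolean hasValidId = false;
            for (int i = 0; i < postParams.Length; i++)
            {
                postParam = postParams[i].Split('=');
                value = postParam.Length > 1 ? postParam[1] : "";
                switch (postParam[0])
                {
                    case "id":
                        hasValidId = int.TryParse(value, out id);
                        break;
                    case "username":
                        username = value;
                        break;
                    case "is_admin": // Only appears if checked
                        isAdmin = true;
                        break;
                    default:
                        // NOTE(review): the value is written to the console as
                        // received; confirm the edit form never posts a secret
                        // under a name this switch does not handle.
                        Console.WriteLine("Unknown post parameter: {0} = {1}", postParam[0], value);
                        break;
                }
            }

            if (hasValidId)
                UserHandler.editUser(id, username, isAdmin ? "admin" : "supporter");
            else
                Console.WriteLine("Ignoring edit request without a valid user id.");

            message = "/users";
            path = "SecuredPages\\redirect.html";
            break;

        case "/delete":
            for (int i = 0; i < postParams.Length; i++)
            {
                postParam = postParams[i].Split('=');
                value = postParam.Length > 1 ? postParam[1] : "";
                switch (postParam[0])
                {
                    case "id":
                        // A malformed id is skipped rather than thrown out of the handler.
                        int deleteId;
                        if (int.TryParse(value, out deleteId))
                            UserHandler.deleteUser(deleteId);
                        else
                            Console.WriteLine("Ignoring delete request without a valid user id.");
                        break;
                    default:
                        break;
                }
            }

            message = "/users";
            path = "SecuredPages\\redirect.html";
            break;
    }

    try
    {
        using (StreamReader sr = new StreamReader(path))
            page = sr.ReadToEnd();

        if (path.Contains("cp_page"))
        {
            // Join with ';' without assuming at least one entry; the original
            // Substring call threw on an empty list and surfaced as a 404.
            StringBuilder oldDefaultPages = new StringBuilder();
            foreach (String defaultPage in Settings.DefaultPages)
            {
                if (oldDefaultPages.Length > 0)
                    oldDefaultPages.Append(';');
                oldDefaultPages.Append(defaultPage);
            }

            // NOTE(review): Settings.Root and the default pages are written into
            // the HTML template without encoding; consider HTML-encoding them
            // once the template context is confirmed.
            page = page.Replace("{oldPort}", Settings.Port.ToString())
                       .Replace("{oldAdminPort}", Settings.AdminPort.ToString())
                       .Replace("{oldRoot}", Settings.Root)
                       .Replace("{oldDefaultPages}", oldDefaultPages.ToString())
                       .Replace("{oldDirectoryBrowsing}", Settings.DirectoryBrowsing ? "checked" : "");
        }

        if (path.Contains("redirect"))
            page = page.Replace("{url}", message);

        return Encoding.ASCII.GetBytes(page.Replace("{Message}", message));
    }
    catch (Exception e)
    {
        // Also reached when no route set a path (unknown URL or repeated login).
        Console.WriteLine("File could not be read. Message:");
        Console.WriteLine(e.Message);
    }

    return HandleError(status = "404");
}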